Posted by BeauHD on Tuesday November 22, 2016 @08:00PM from the resist-the-temptation dept.

A new bug in iOS has surfaced that will cause any iOS device to freeze when trying to view a certain .mp4 video in Safari. YouTube channel EverythingApplePro explains the bug in a video titled "This Video Will CRASH ANY iPhone!" 9to5Mac reports: As you'll see in the video below from EverythingApplePro, viewing a certain video in Safari will cause iOS to essentially overload and gradually become unusable. We won't link the infectious video here for obvious reasons, but you can take our word for it when we say that it really does render your device unusable. It's not apparently clear as to why this happens. The likely reason is that it's simply a corrupted video that's some sort of memory leak and when played, iOS isn't sure how to properly handle it, but there's likely more to it than that. Because of the nature of the flaw, it isn't specific to a certain iOS build. As you can see in the video below, playing the video on an iPhone running as far back as iOS 5 will cause the device to freeze and become unusable. Interestingly, with iOS 10.2 beta 3, if you let an iPhone affected by the bug sit there for long enough, it will power off and indefinitely display the spinning wheel that you normally see during the shutdown process. If someone sends you the malicious link and you fall for it, this is luckily a pretty easy problem to fix. All you have to do is hard reboot your device. For any iPhone but the iPhone 7, this can be done by long-pressing the power and Home buttons at the same time. The iPhone 7, of course, uses a new non-mechanical Home button. In order to reboot an iPhone 7, you must long-press the power button and volume down button at the same time.

Posted by BeauHD on Thursday November 17, 2016 @05:45PM from the what-more-do-you-need dept.

Krystalo quotes a report from VentureBeat: Mozilla today launched a new browser for iOS. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Apple's App Store. If you're getting a huge feeling of deja vu, that's because in December 2015, Mozilla launched Focus by Firefox, a content blocker for iOS. The company has now rebranded the app as Firefox Focus, and it serves two purposes. The content blocker, which can still be used with Safari, remains unchanged. The basic browser, which can be used in conjunction with Firefox for iOS, is new. Firefox Focus is basically just an iOS web view with tracking protection. If you shut it down, or iOS shuts it down while it's in the background, the session is lost. There's also an erase button if you want to wipe your session sooner. But those are really the only features -- there's no history, menus, or even tabs.

Posted by BeauHD on Thursday November 10, 2016 @08:00AM from the unknown-caller dept.

An anonymous reader writes: "A bug in the iOS WebView component allows an attacker to force someone's iPhone to dial any number, while also locking the user's interface for a few moments, preventing him from canceling the outgoing call," reports BleepingComputer. "The bug was at the heart of the recent accidental DDoS of 911 call centers across the U.S." At the heart of the issue is a Safari bug reported in 2008, which was fixed in iOS 3.0. The same bug also exists in the WebView component used by app makers to show web pages inside other apps. The researcher that found the bug writes in a blog post: "If you think automatically dialing a phone number after clicking a link in an app is not a big issue think again. DoSing 911 is pretty terrible but there are other examples such as expensive 900 numbers where the attacker can actually make money. A stalker can make his victim dial his phone number so he gets his victim's number. Altogether things you don't want to happen. [...] Apple should change the default behavior of WebViews to exclude execution of TEL URIs and make it an explicit feature to avoid this kind of issue in the future."

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.
The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)."
But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).

Posted by BeauHD on Thursday September 22, 2016 @03:50PM from the that-was-quick dept.

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Posted by EditorDavid on Saturday July 30, 2016 @08:35PM from the Underwriters-Laboratory-for-code dept.

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept:
"Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."
The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.

Posted by BeauHD on Tuesday July 19, 2016 @05:00PM from the reduced-file-size dept.

An anonymous reader writes from a report via The Next Web: The Safari browser included in Apple's iOS 10 and macOS Sierra software is testing WebP, technology from Google that allows developers to create smaller, richer images that make the web faster. Basically, it's a way for webpages to load more quickly. The Next Web reports: "WebP was built into Chrome back at build 32 (2013!), so it's not unproven. It's also used by Facebook due to its image compression underpinnings, and is in use across many Google properties, including YouTube." Microsoft is one of the only major players to not use WebP, according to CNET. It's not included in Internet Explorer and the company has "no plans" to integrate it into Edge. Even though iOS 10 and macOS Sierra are in beta, it's promising that we will see WebP make its debut in Safari latest this year. "It's hard to imagine Apple turning away tried and true technology that's found in a more popular browser -- one that's favored by many over Safari due to its speed, where WebP plays a huge part," reports The Next Web. "Safari is currently the second most popular browser to Chrome." What's also interesting is how WebP isn't mentioned at all in the logs for Apple's Safari Technology Preview.

Posted by msmash on Wednesday June 15, 2016 @12:25PM from the good-riddance dept.

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.

Posted by msmash on Monday June 13, 2016 @01:15PM from the new-os dept.

After playing with the names of cats and a few California landmarks, Apple at WWDC 2016 announced that its desktop operating system will now be called macOS -- and its first version update is macOS Sierra. It comes with a range of new features including Siri, the digital voice assistant. The move comes roughly a year and a half after Microsoft brought its Cortana virtual assistant to desktop platform Windows 10. Sierra also supports Apple Pay payment service via Safari web browser. Ars Technica reports about some other features of macOS Sierra: Universal Clipboard answers a longstanding complaint of Mac and iOS users -- copying and pasting now works automatically between an iOS device and a desktop Mac device. iCloud now plays an expanded sync role, too, letting you move files and folders from Mac to Mac or from Mac to iOS. Another new feature called Optimized Storage can sweep through old documents and files and push them to iCloud, clearing up local disk space for other uses. It also can automatically dump your trash, clear your web history, and do some other behind the scenes sweeps. Tabs are coming to more and more applications. Federighi said that Apple wants tabs on all multi-window applications, and says that tabs can be flipped on without developer modification.

Update: 06/13 18:55 GMT by M: macOS Sierra won't support many Mac models from 2007, 2008, and 2009. Find more information here.

Posted by msmash on Wednesday May 25, 2016 @10:10AM from the 'to-better-serve-you' dept.

An anonymous reader writes: Facebook is not just looking at users' personal information, interests, and online habits but also at your private conversations, a new report revealed. According to an NBC report, this may be the case, as Kelli Burns, a professor at the University of South Florida, states, "I don't think that people realize how much Facebook is tracking every move we're making online. Anything that you're doing on your phone, Facebook is watching." Now how do you prove that? Professor Kelli tested out her theory by enabling the microphone feature, and talked about her desire to go on a safari, informing about the mode of transport she would take. "I'm really interested in going on an African safari. I think it'd be wonderful to ride in one of those jeeps," she said aloud, phone in hand. The results were shocking, as less than 60 seconds later, the first post on her Facebook feed was about a safari story out of nowhere, and it was then revealed that the story had been posted three hours earlier. And, after mentioning a jeep, a car ad also appeared on her page. On a support page, Facebook explains how this feature works: "No, we don't record your conversations. If you choose to turn on this feature, we'll only use your microphone to identify the things you're listening to or watching based on the music and TV matches we're able to identify. If this feature is turned on, it's only active when you're writing a status update." I wonder how many people are actually aware of this.

Posted by BeauHD on Friday May 13, 2016 @05:10PM from the update-that-needs-updating dept.

An anonymous reader quotes a report from Mac Rumors: A large number of MacBook Pro owners running OS X El Capitan are reporting widespread system freezes since installing the 10.11.4 update to Apple's Mac OS. The problem appears to be concentrated on 13-inch Retina MacBook Pros (Early 2015) running 10.11.4. Users report that their system becomes totally unresponsive at seemingly random times, with no way to regain access to their Mac other than to force a hard reboot. The issue was initially reported by MacRumors forum member Antonnn on March 25, four days after Apple released what is the third update to the Mac OS. In Antonnn's case, the freezes have been occurring "about once a week," first when browsing in Safari, but then also during the use of other Mac apps, including Adobe Photoshop and several third-party browsers. The freeze seems to affect not only the screen and mouse cursor but also the Mac's Force Touch trackpad, which completely loses feedback. Apple Support is apparently aware of the issue but has so far offered no concrete solution. Meanwhile, some users have resorted to downgrading their system to 10.11.3 by restoring from a Time Machine backup or performing a clean install. Hundreds of others have posted to a dedicated thread discussing the issue. Bill Mattheis posted a video on YouTube of the freezing he has experienced on his MacBook Pro.

The reason why these three browsers block access to The Pirate Bay is unknown, but it could be related to a malvertising campaign that has plagued the site for more than two weeks. Two weeks ago, the malvertising campaign intensified right when season six of Game of Thrones premiered.
Meanwhile, HBO is contacting sites asking them to remove Game of Thrones torrents, and sending thousands of copyright infringement warnings to ISPs, urging them to remind pirates that they can stream HBO content legally after purchasing a subscription to HBO.

Posted by msmash on Thursday March 31, 2016 @02:00PM from the squashing-bugs,-bringing-happiness dept.

An anonymous reader writes: Apple, on Thursday, rolled out a minor update to iPhone, iPad, and iPod devices. The update, dubbed iOS 9.3.1, brings with it a fix for a software glitch that caused many apps -- including Safari, and Chrome -- to freeze and crash when trying to open a link. The issue was related to Universal Link, a feature Apple first introduced with iOS 9. Many reported that some apps including Booking.com were abusing this capability, causing the Universal Link database to overload.

Posted by msmash on Wednesday March 30, 2016 @01:00PM from the steal-thunder-away-from-Microsoft's-Build-2016 dept.

Sarah Perez reports for TechCrunch: Apple today announced it's expanding its efforts in the area of web development, with the launch of a new version of its Safari web browser, designed specifically for developers. Called Safari Technology Preview, the company says this browser will allow developers to get an early look at upcoming web technologies in OS X and iOS, including things like the latest layout technologies, visual effects, and other developer tools. The idea is to allow developers to more easily get their hands on these technologies and be able to experiment, then offer feedback to Apple earlier on so the company can make the necessary improvements. AnandTech's Brandon Chester elaborates: It's available from Apple's developer website, and updates will come every two weeks via the Mac App Store. This makes the list of changes and additions easily accessible with each update, and because the builds are signed by Apple there's full support for iCloud integration. [...] One important thing to note about the Safari Technology Preview is that, while the app is available from Apple's developer site, you don't need to be a registered developer paying the yearly iOS and OS X publishing fee to access it. Since the target audience consists mainly of programmers building websites and web applications, it doesn't make sense to limit it to developers building native apps for iOS and OS X.

Posted by msmash on Tuesday March 29, 2016 @10:20AM from the don't-click-on-that-link dept.

Reader lxrocks writes: Many users are experiencing an issue with their iPhone and iPad wherein trying to open a link on Safari, Mail, Chrome or any other app causes it to freeze and crash. The issue renders any type of search with Safari useless, as none of the links returned will open. The widespread issue -- for which there's no known workaround just yet -- seems to be affecting users on both iOS 9.2 and iOS 9.3. Apple has acknowledged the issue and says it will release a fix "soon." There's no official word on what's causing the issue, but a popular theory with developers is that the glitch has something to do with Universal Links, a feature Apple first introduced with iOS 9. It appears some apps, such as Booking.com, are abusing this capability, causing the Universal Link database to overload.

Posted by BeauHD on Friday March 18, 2016 @01:34PM from the money-is-a-good-incentive dept.

wiredmikey writes from an article on SecurityWeek: Pwn2Own 2016 has come to an end, with researchers earning a total of $460,000 in cash for disclosing 21 new vulnerabilities in Windows, OS X, Flash, Safari, Edge and Chrome. On the first day of the well-known hacking competition, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an out-of-bounds issue in Mac OS X. The exploit earned them $40,000 and 10 Master of Pwn points. This year's contestants earned nearly $100,000 less for their exploits compared to Pwn2Own 2015, when researchers walked away with more than $550,000 for their exploits.

Posted by timothy on Thursday March 17, 2016 @08:25AM from the an-honest-living dept.

wiredmikey writes: Pwn2Own 2016 contestants hacked Apple's Safari Web Browser, Adobe Flash Player and Google Chrome, and earned more than $280,000 on the first day of the competition taking place this week alongside the CanSecWest conference in Vancouver, Canada. This is the first edition of Pwn2Own where contestants have been invited to escape a VMware virtual machine for a bonus of $75,000, though there has not been a successful exploit yet in this class by any contestant this week. It remains to be seen if contestants manage to surpass last year's total payout, when white hat hackers earned $552,000 at Pwn2Own.